Is there a proper/formal term for the security permissions model where the creator of a resource has full permissions on it regardless of their access to the system at large?

Most common example I can think of is document or file systems.

Is there any good literature contrasting that to other models of permission?


@nbering I am in the process of studying for the Security+ certificate and they refer to it as “discretionary access control” (basically the owner of the object has full access and can grant access to other users at their discretion).

@nbering This is contrasted against mandatory access control (access granted based on a user’s security clearance level), role-based access control (access granted based on predefined roles to which the user is assigned), rule-based access control (rules describe the circumstances under which access is granted) and attribute-based access control (access is granted based on the attributes of the user and the attributes of the object).
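Added example, not part of the thread: a sketch of how the same request is decided under four of the models named above (rule-based is left out), showing that the creator's ownership only matters under DAC. All class, function and user names are hypothetical, the policies are simplified assumptions, and the sample data is constructed.

```python
# Added illustration; names are hypothetical and the sample data is constructed.
from dataclasses import dataclass, field

LEVELS = {"public": 0, "secret": 1, "top_secret": 2}
ROLE_PERMS = {"editor": {"read", "write"}, "viewer": {"read"}}

@dataclass
class User:
    name: str
    clearance: str = "public"
    roles: set = field(default_factory=set)
    attrs: dict = field(default_factory=dict)

@dataclass
class Doc:
    owner: str
    label: str = "public"                      # MAC classification
    acl: dict = field(default_factory=dict)    # DAC: user name -> set of actions
    attrs: dict = field(default_factory=dict)

def dac_grant(granter, doc, grantee, action):
    # DAC: only the owner may extend access, at their discretion.
    if granter.name != doc.owner:
        raise PermissionError("only the owner can grant access")
    doc.acl.setdefault(grantee.name, set()).add(action)

def dac_allows(user, doc, action):
    # The owner has full access no matter what else the system says about them.
    return user.name == doc.owner or action in doc.acl.get(user.name, set())

def mac_allows(user, doc, action):
    # MAC (read side only): clearance must dominate the label; ownership is ignored.
    return action == "read" and LEVELS[user.clearance] >= LEVELS[doc.label]

def rbac_allows(user, doc, action):
    # RBAC: permissions come from predefined roles, not from the object.
    return any(action in ROLE_PERMS.get(r, set()) for r in user.roles)

def abac_allows(user, doc, action):
    # ABAC: compare attributes of the user with attributes of the object.
    return action == "read" and user.attrs.get("dept") == doc.attrs.get("dept")

def decisions(user, doc, action):
    return {"DAC": dac_allows(user, doc, action), "MAC": mac_allows(user, doc, action),
            "RBAC": rbac_allows(user, doc, action), "ABAC": abac_allows(user, doc, action)}

# Constructed sample: alice created the document but has low clearance and no roles.
alice = User("alice", "public", set(), {"dept": "eng"})
bob = User("bob", "secret", {"viewer"}, {"dept": "sales"})
doc = Doc(owner="alice", label="secret", attrs={"dept": "eng"})
```

Calling `decisions(alice, doc, "read")` shows the creator allowed under DAC and ABAC but denied under MAC and RBAC, while `bob` gets the opposite result until the owner calls `dac_grant`.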

@stringlytyped Thanks! I was familiar with role-based access control by name.

I’d never heard anyone use the term discretionary access control… but it’s certainly fitting.

@nbering Yeah, I don’t know how often that term is used in the industry. But hopefully now you have something you can Google. The exam doesn’t seem to go into any more detail than that, so I’m afraid I don’t have anything to point you to if you wanted more info.

@stringlytyped That was quite helpful.

Are you finding your Security+ exam prep helpful? I’ve been pondering whether to apply myself to certification prep for a while, but nothing has struck my fancy enough to commit to.

@nbering Awesome, I’m glad 😊

Some of it is just formalizing stuff I already kind of knew, but there are enough things that I haven’t had much exposure to that keep me interested. (Keep in mind that I don’t really have any infosec expertise and this is my first attempt at any sort of formal training in this area.) I don’t think it will be a difficult exam, but the material covered is quite broad, so there is a lot of reading and note-taking that has to be done.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.